1 /* 2 * ProFTPD - FTP server daemon 3 * Copyright (c) 1997, 1998 Public Flood Software 4 * Copyright (c) 1999, 2000 MacGyver aka Habeeb J. Dihu <macgyver@tos.net> 5 * Copyright (c) 2001-2020 The ProFTPD Project 6 * 7 * This program is free software; you can redistribute it and/or modify 8 * it under the terms of the GNU General Public License as published by 9 * the Free Software Foundation; either version 2 of the License, or 10 * (at your option) any later version. 11 * 12 * This program is distributed in the hope that it will be useful, 13 * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 * GNU General Public License for more details. 16 * 17 * You should have received a copy of the GNU General Public License 18 * along with this program; if not, write to the Free Software 19 * Foundation, Inc., 51 Franklin Street, Suite 500, Boston, MA 02110-1335, USA. 20 * 21 * As a special exemption, Public Flood Software/MacGyver aka Habeeb J. Dihu 22 * and other respective copyright holders give permission to link this program 23 * with OpenSSL, and distribute the resulting executable, without including 24 * the source code for OpenSSL in the source distribution. 25 */ 26 27 /* ProFTPD virtual/modular filesystem support. */ 28 29 #ifndef PR_FSIO_H 30 #define PR_FSIO_H 31 32 #include "conf.h" 33 #include "error.h" 34 35 #ifdef PR_USE_XATTR 36 # if defined(HAVE_SYS_EXTATTR_H) 37 # include <sys/extattr.h> 38 # elif defined(HAVE_SYS_XATTR_H) 39 # include <sys/xattr.h> 40 # if defined(HAVE_ATTR_XATTR_H) 41 # include <attr/xattr.h> 42 # endif /* HAVE_ATTR_XATTR_H */ 43 # endif /* HAVE_SYS_XATTR_H */ 44 #endif /* PR_USE_XATTR */ 45 46 /* This is a Tru64-specific hack, to work around some macro funkiness 47 * in their /usr/include/sys/mount.h header. 48 */ 49 #ifdef OSF5 50 # undef fh_data 51 #endif 52 53 /* Operation codes */ 54 #define FSIO_FILE_STAT (1 << 0) 55 #define FSIO_FILE_LSTAT (1 << 1) 56 #define FSIO_FILE_RENAME (1 << 2) 57 #define FSIO_FILE_UNLINK (1 << 3) 58 #define FSIO_FILE_OPEN (1 << 4) 59 /* Was FSIO_FILE_CREAT, now unused */ 60 #define FSIO_FILE_CLOSE (1 << 6) 61 #define FSIO_FILE_READ (1 << 7) 62 #define FSIO_FILE_WRITE (1 << 8) 63 #define FSIO_FILE_LINK (1 << 9) 64 #define FSIO_FILE_SYMLINK (1 << 10) 65 #define FSIO_FILE_READLINK (1 << 11) 66 #define FSIO_FILE_TRUNC (1 << 12) 67 #define FSIO_FILE_CHMOD (1 << 13) 68 #define FSIO_FILE_CHOWN (1 << 14) 69 #define FSIO_FILE_ACCESS (1 << 15) 70 #define FSIO_FILE_PREAD (1 << 16) 71 #define FSIO_FILE_PWRITE (1 << 17) 72 #define FSIO_FILE_UTIMES (1 << 23) 73 #define FSIO_FILE_GETXATTR (1 << 24) 74 #define FSIO_FILE_LGETXATTR (1 << 25) 75 #define FSIO_FILE_LISTXATTR (1 << 26) 76 #define FSIO_FILE_LLISTXATTR (1 << 27) 77 #define FSIO_FILE_REMOVEXATTR (1 << 28) 78 #define FSIO_FILE_LREMOVEXATTR (1 << 29) 79 #define FSIO_FILE_SETXATTR (1 << 30) 80 #define FSIO_FILE_LSETXATTR (1 << 31) 81 82 /* Macro that defines the most common file ops */ 83 #define FSIO_FILE_COMMON (FSIO_FILE_OPEN|FSIO_FILE_READ|FSIO_FILE_WRITE|\ 84 FSIO_FILE_CLOSE) 85 86 #define FSIO_DIR_CHROOT (1 << 16) 87 #define FSIO_DIR_CHDIR (1 << 17) 88 #define FSIO_DIR_OPENDIR (1 << 18) 89 #define FSIO_DIR_CLOSEDIR (1 << 19) 90 #define FSIO_DIR_READDIR (1 << 20) 91 #define FSIO_DIR_MKDIR (1 << 21) 92 #define FSIO_DIR_RMDIR (1 << 22) 93 94 /* Macro that defines directory operations */ 95 #define FSIO_DIR_COMMON (FSIO_DIR_CHROOT|FSIO_DIR_CHDIR|\ 96 FSIO_DIR_OPENDIR|FSIO_DIR_READDIR|\ 97 FSIO_DIR_CLOSEDIR|FSIO_DIR_MKDIR|\ 98 FSIO_DIR_RMDIR) 99 100 /* Default mode used when creating files */ 101 #define PR_OPEN_MODE 0666 102 103 /* Modular filesystem object */ 104 105 typedef struct fs_rec pr_fs_t; 106 typedef struct fh_rec pr_fh_t; 107 108 struct fs_rec { 109 110 /* These pointers will be effective once layered FS modules are 111 * supported 112 */ 113 pr_fs_t *fs_next, *fs_prev; 114 115 /* Descriptive tag for this fs object */ 116 char *fs_name; 117 118 char *fs_path; 119 120 /* Slot for module-specific data */ 121 void *fs_data; 122 123 /* Pool for this object's use */ 124 struct pool_rec *fs_pool; 125 126 /* FS function pointers */ 127 int (*stat)(pr_fs_t *, const char *, struct stat *); 128 int (*fstat)(pr_fh_t *, int, struct stat *); 129 int (*lstat)(pr_fs_t *, const char *, struct stat *); 130 int (*rename)(pr_fs_t *, const char *, const char *); 131 int (*unlink)(pr_fs_t *, const char *); 132 int (*open)(pr_fh_t *, const char *, int); 133 int (*close)(pr_fh_t *, int); 134 int (*read)(pr_fh_t *, int, char *, size_t); 135 ssize_t (*pread)(pr_fh_t *, int, void *, size_t, off_t); 136 int (*write)(pr_fh_t *, int, const char *, size_t); 137 ssize_t (*pwrite)(pr_fh_t *, int, const void *, size_t, off_t); 138 off_t (*lseek)(pr_fh_t *, int, off_t, int); 139 int (*link)(pr_fs_t *, const char *, const char *); 140 int (*readlink)(pr_fs_t *, const char *, char *, size_t); 141 int (*symlink)(pr_fs_t *, const char *, const char *); 142 int (*ftruncate)(pr_fh_t *, int, off_t); 143 int (*truncate)(pr_fs_t *, const char *, off_t); 144 int (*chmod)(pr_fs_t *, const char *, mode_t); 145 int (*fchmod)(pr_fh_t *, int, mode_t); 146 int (*chown)(pr_fs_t *, const char *, uid_t, gid_t); 147 int (*fchown)(pr_fh_t *, int, uid_t, gid_t); 148 int (*lchown)(pr_fs_t *, const char *, uid_t, gid_t); 149 int (*access)(pr_fs_t *, const char *, int, uid_t, gid_t, array_header *); 150 int (*faccess)(pr_fh_t *, int, uid_t, gid_t, array_header *); 151 int (*utimes)(pr_fs_t *, const char *, struct timeval *); 152 int (*futimes)(pr_fh_t *, int, struct timeval *); 153 int (*fsync)(pr_fh_t *, int); 154 155 /* Extended attribute support */ 156 ssize_t (*getxattr)(pool *, pr_fs_t *, const char *, const char *, void *, 157 size_t); 158 ssize_t (*lgetxattr)(pool *, pr_fs_t *, const char *, const char *, void *, 159 size_t); 160 ssize_t (*fgetxattr)(pool *, pr_fh_t *, int, const char *, void *, size_t); 161 int (*listxattr)(pool *, pr_fs_t *, const char *, array_header **); 162 int (*llistxattr)(pool *, pr_fs_t *, const char *, array_header **); 163 int (*flistxattr)(pool *, pr_fh_t *, int, array_header **); 164 int (*removexattr)(pool *, pr_fs_t *, const char *, const char *); 165 int (*lremovexattr)(pool *, pr_fs_t *, const char *, const char *); 166 int (*fremovexattr)(pool *, pr_fh_t *, int, const char *); 167 int (*setxattr)(pool *, pr_fs_t *, const char *, const char *, void *, 168 size_t, int); 169 int (*lsetxattr)(pool *, pr_fs_t *, const char *, const char *, void *, 170 size_t, int); 171 int (*fsetxattr)(pool *, pr_fh_t *, int, const char *, void *, size_t, int); 172 173 /* For actual operations on the directory (or subdirs) 174 * we cast the return from opendir to DIR* in src/fs.c, so 175 * modules can use their own data type 176 */ 177 178 int (*chdir)(pr_fs_t *, const char *); 179 int (*chroot)(pr_fs_t *, const char *); 180 void *(*opendir)(pr_fs_t *, const char *); 181 int (*closedir)(pr_fs_t *, void *); 182 struct dirent *(*readdir)(pr_fs_t *, void *); 183 int (*mkdir)(pr_fs_t *, const char *, mode_t); 184 int (*rmdir)(pr_fs_t *, const char *); 185 186 /* This flag determines whether this FS handler allows cross-FS hardlinks, 187 * either from this FS to another FS, or from another FS to this FS. 188 * 189 * If the flag is set to FALSE by the FS registrant, then a hardlink 190 * across FS handlers will fail, with errno set to EXDEV. The caller 191 * will then have to handle the EXDEV error appropriately. 192 */ 193 int allow_xdev_link; 194 195 /* This flag determines whether this FS handler allows cross-FS renames, 196 * either from this FS to another FS, or from another FS to this FS. 197 * 198 * If the flag is set to FALSE by the FS registrant, then a rename 199 * across FS handlers will fail, with errno set to EXDEV. The caller 200 * will then have to handle the EXDEV error appropriately. 201 * 202 * In the core engine, a RNFR/RNTO sequence which encounters an EXDEV 203 * error will cause a copy/delete of the file. This can be more IO 204 * intensive than expected, and lead to longer times for the RNTO 205 * command to complete. 206 */ 207 int allow_xdev_rename; 208 209 /* This flag determines whether the paths handled by this FS handler 210 * are standard, filesystem-based paths, and such use the standard 211 * path separator, glob semantics, etc. 212 */ 213 int non_std_path; 214 }; 215 216 struct fh_rec { 217 218 /* Pool for this object's use */ 219 pool *fh_pool; 220 221 int fh_fd; 222 char *fh_path; 223 224 /* Arbitrary data associated with this file. */ 225 void *fh_data; 226 227 /* Pointer to the filesystem in which this file is located. */ 228 pr_fs_t *fh_fs; 229 230 /* For buffer I/O on this file, should anything choose to use it. */ 231 pr_buffer_t *fh_buf; 232 233 /* Hint of the optimal buffer size for IO on this file. */ 234 size_t fh_iosz; 235 }; 236 237 /* Maximum symlink count, for loop detection. */ 238 #define PR_FSIO_MAX_LINK_COUNT 32 239 240 /* Macros for that code that needs to get into the internals of pr_fs_t. 241 * (These will help keep the internals as opaque as possible). 242 */ 243 #define PR_FH_FD(f) ((f)->fh_fd) 244 245 int pr_fsio_stat(const char *, struct stat *); 246 int pr_fsio_fstat(pr_fh_t *, struct stat *); 247 int pr_fsio_lstat(const char *, struct stat *); 248 int pr_fsio_readlink(const char *, char *, size_t); 249 int pr_fsio_chdir(const char *, int); 250 int pr_fsio_chdir_canon(const char *, int); 251 void *pr_fsio_opendir(const char *); 252 int pr_fsio_closedir(void *); 253 struct dirent *pr_fsio_readdir(void *); 254 int pr_fsio_mkdir(const char *, mode_t); 255 int pr_fsio_rmdir(const char *); 256 int pr_fsio_rename(const char *, const char *); 257 int pr_fsio_smkdir(pool *, const char *, mode_t, uid_t, gid_t); 258 int pr_fsio_unlink(const char *); 259 pr_fh_t *pr_fsio_open(const char *, int); 260 pr_fh_t *pr_fsio_open_canon(const char *, int); 261 int pr_fsio_close(pr_fh_t *); 262 int pr_fsio_read(pr_fh_t *, char *, size_t); 263 ssize_t pr_fsio_pread(pr_fh_t *, void *, size_t, off_t); 264 int pr_fsio_write(pr_fh_t *, const char *, size_t); 265 ssize_t pr_fsio_pwrite(pr_fh_t *, const void *, size_t, off_t); 266 int pr_fsio_link(const char *, const char *); 267 int pr_fsio_symlink(const char *, const char *); 268 int pr_fsio_ftruncate(pr_fh_t *, off_t); 269 int pr_fsio_truncate(const char *, off_t); 270 int pr_fsio_chmod(const char *, mode_t); 271 int pr_fsio_fchmod(pr_fh_t *, mode_t); 272 int pr_fsio_chown(const char *, uid_t, gid_t); 273 int pr_fsio_fchown(pr_fh_t *, uid_t, gid_t); 274 int pr_fsio_lchown(const char *, uid_t, gid_t); 275 int pr_fsio_chroot(const char *); 276 int pr_fsio_access(const char *, int, uid_t, gid_t, array_header *); 277 int pr_fsio_faccess(pr_fh_t *, int, uid_t, gid_t, array_header *); 278 int pr_fsio_utimes(const char *, struct timeval *); 279 int pr_fsio_utimes_with_root(const char *, struct timeval *); 280 int pr_fsio_futimes(pr_fh_t *, struct timeval *); 281 int pr_fsio_fsync(pr_fh_t *fh); 282 off_t pr_fsio_lseek(pr_fh_t *, off_t, int); 283 284 /* Extended attribute support */ 285 ssize_t pr_fsio_getxattr(pool *p, const char *, const char *, void *, size_t); 286 ssize_t pr_fsio_lgetxattr(pool *, const char *, const char *, void *, size_t); 287 ssize_t pr_fsio_fgetxattr(pool *, pr_fh_t *, const char *, void *, size_t); 288 int pr_fsio_listxattr(pool *, const char *, array_header **); 289 int pr_fsio_llistxattr(pool *, const char *, array_header **); 290 int pr_fsio_flistxattr(pool *, pr_fh_t *, array_header **); 291 int pr_fsio_removexattr(pool *, const char *, const char *); 292 int pr_fsio_lremovexattr(pool *, const char *, const char *); 293 int pr_fsio_fremovexattr(pool *, pr_fh_t *, const char *); 294 int pr_fsio_setxattr(pool *, const char *, const char *, void *, size_t, int); 295 int pr_fsio_lsetxattr(pool *, const char *, const char *, void *, size_t, int); 296 int pr_fsio_fsetxattr(pool *, pr_fh_t *, const char *, void *, size_t, int); 297 298 /* setxattr flags */ 299 #define PR_FSIO_XATTR_FL_CREATE 0x001 300 #define PR_FSIO_XATTR_FL_REPLACE 0x002 301 302 /* Error-using variants of the FSIO API. */ 303 int pr_fsio_chmod_with_error(pool *p, const char *path, mode_t mode, 304 pr_error_t **err); 305 int pr_fsio_chown_with_error(pool *p, const char *path, uid_t uid, gid_t gid, 306 pr_error_t **err); 307 int pr_fsio_chroot_with_error(pool *p, const char *path, pr_error_t **err); 308 int pr_fsio_close_with_error(pool *p, pr_fh_t *fh, pr_error_t **err); 309 int pr_fsio_fchmod_with_error(pool *p, pr_fh_t *fh, mode_t mode, 310 pr_error_t **err); 311 int pr_fsio_fchown_with_error(pool *p, pr_fh_t *fh, uid_t uid, gid_t gid, 312 pr_error_t **err); 313 int pr_fsio_lchown_with_error(pool *p, const char *path, uid_t uid, gid_t gid, 314 pr_error_t **err); 315 int pr_fsio_lstat_with_error(pool *p, const char *path, struct stat *st, 316 pr_error_t **err); 317 int pr_fsio_mkdir_with_error(pool *p, const char *path, mode_t mode, 318 pr_error_t **err); 319 pr_fh_t *pr_fsio_open_with_error(pool *p, const char *path, int flags, 320 pr_error_t **err); 321 int pr_fsio_read_with_error(pool *p, pr_fh_t *fh, char *buf, size_t sz, 322 pr_error_t **err); 323 int pr_fsio_rename_with_error(pool *p, const char *from, const char *to, 324 pr_error_t **err); 325 int pr_fsio_rmdir_with_error(pool *p, const char *path, pr_error_t **err); 326 int pr_fsio_stat_with_error(pool *p, const char *path, struct stat *st, 327 pr_error_t **err); 328 int pr_fsio_unlink_with_error(pool *p, const char *path, pr_error_t **err); 329 int pr_fsio_write_with_error(pool *p, pr_fh_t *fh, const char *buf, size_t sz, 330 pr_error_t **err); 331 332 /* Set a flag determining whether we guard against write operations in 333 * certain sensitive directories while we are chrooted, e.g. "Roaring Beast" 334 * style attacks. 335 */ 336 int pr_fsio_guard_chroot(int); 337 338 /* Set a flag determining whether to use mkdtemp(3) (if available) or not. 339 * Returns the previously-set value. 340 */ 341 int pr_fsio_set_use_mkdtemp(int); 342 343 /* Sets a bitmask of various FSIO API options. Returns the previously 344 * set options. 345 */ 346 unsigned long pr_fsio_set_options(unsigned long opts); 347 #define PR_FSIO_OPT_IGNORE_XATTR 0x00001 348 349 /* FS-related functions */ 350 351 char *pr_fsio_getline(char *, size_t, pr_fh_t *, unsigned int *); 352 char *pr_fsio_getpipebuf(pool *, int, long *); 353 char *pr_fsio_gets(char *, size_t, pr_fh_t *); 354 int pr_fsio_puts(const char *, pr_fh_t *); 355 int pr_fsio_set_block(pr_fh_t *); 356 357 pr_fs_t *pr_register_fs(pool *, const char *, const char *); 358 pr_fs_t *pr_create_fs(pool *, const char *); 359 pr_fs_t *pr_get_fs(const char *, int *); 360 int pr_insert_fs(pr_fs_t *, const char *); 361 pr_fs_t *pr_remove_fs(const char *); 362 pr_fs_t *pr_unmount_fs(const char *, const char *); 363 int pr_unregister_fs(const char *); 364 365 /* FS Statcache API */ 366 void pr_fs_clear_cache(void); 367 int pr_fs_clear_cache2(const char *path); 368 369 /* Dump the current contents of the statcache via trace logging, to the 370 * "fs.statcache" trace channel. 371 */ 372 void pr_fs_statcache_dump(void); 373 374 /* Clears the entire statcache. */ 375 void pr_fs_statcache_free(void); 376 377 /* Clears the entire statcache and re-creates the memory pool. */ 378 void pr_fs_statcache_reset(void); 379 380 /* Tune the statcache policy: max number of items in the cache at any 381 * one time, the max age (in seconds) for items in the cache, and the policy 382 * flags. 383 * 384 * Note that setting a size of zero, OR setting a max age of zero, effectively 385 * disables the statcache. 386 */ 387 int pr_fs_statcache_set_policy(unsigned int size, unsigned int max_age, 388 unsigned int flags); 389 390 /* Copy a file from the given source path to the destination path. */ 391 int pr_fs_copy_file(const char *src, const char *dst); 392 393 /* Similar to pr_fs_copy_file(), with the addition of an optional progress 394 * callback, invoked during the potentially long-running copy process. 395 * 396 * The callback, when present, will be invoked with the number of bytes 397 * just written to the destination file in that iteration. 398 */ 399 int pr_fs_copy_file2(const char *src, const char *dst, int flags, 400 void (*progress_cb)(int)); 401 #define PR_FSIO_COPY_FILE_FL_NO_DELETE_ON_FAILURE 0x0001 402 403 int pr_fs_setcwd(const char *); 404 const char *pr_fs_getcwd(void); 405 const char *pr_fs_getvwd(void); 406 int pr_fs_dircat(char *, int, const char *, const char *); 407 int pr_fs_interpolate(const char *, char *, size_t); 408 int pr_fs_resolve_partial(const char *, char *, size_t, int); 409 int pr_fs_resolve_path(const char *, char *, size_t, int); 410 char *pr_fs_decode_path(pool *, const char *); 411 412 /* Similar to pr_fs_decode_path(), but allows callers to provide flags. These 413 * flags can be used, for example, to request that if there are errors during 414 * the decoding, the function NOT hide/mask them, as is done by default, but 415 * convey them to the caller for handling at a higher code layer. 416 */ 417 char *pr_fs_decode_path2(pool *, const char *, int); 418 #define FSIO_DECODE_FL_TELL_ERRORS 0x001 419 420 char *pr_fs_encode_path(pool *, const char *); 421 int pr_fs_use_encoding(int); 422 423 /* Split the given path into its individual path components. */ 424 array_header *pr_fs_split_path(pool *p, const char *path); 425 426 /* Given an array of individual path components, join them into a single 427 * path. The count parameter indicates how many components in the array, 428 * starting from zero, to use. 429 */ 430 char *pr_fs_join_path(pool *p, array_header *components, size_t count); 431 432 int pr_fs_valid_path(const char *); 433 void pr_fs_virtual_path(const char *, char *, size_t); 434 435 void pr_fs_clean_path(const char *, char *, size_t); 436 int pr_fs_clean_path2(const char *, char *, size_t, int); 437 #define PR_FSIO_CLEAN_PATH_FL_MAKE_ABS_PATH 0x001 438 439 int pr_fs_glob(const char *, int, int (*errfunc)(const char *, int), glob_t *); 440 void pr_fs_globfree(glob_t *); 441 void pr_resolve_fs_map(void); 442 443 /* Close all but the main three fds. */ 444 void pr_fs_close_extra_fds(void); 445 446 /* The main three fds (stdin, stdout, stderr) need to be protected, reserved 447 * for use. This function uses dup(2) to open new fds on the given fd 448 * until the new fd is not one of the big three. 449 */ 450 int pr_fs_get_usable_fd(int); 451 452 /* Similar to pr_fs_get_usable_fd(), except that it automatically closes the 453 * old (given) fd if a usable fd was found. Returns -1 (with errno set) if 454 * a usable fd could not be found. 455 */ 456 int pr_fs_get_usable_fd2(int *); 457 458 #if defined(HAVE_STATFS) || defined(HAVE_SYS_STATVFS_H) || \ 459 defined(HAVE_SYS_VFS_H) 460 off_t pr_fs_getsize(char *); 461 #endif 462 463 /* Unlike pr_fs_getsize(), this function is always present, and is also 464 * capable of returning an error when there is a problem checking the 465 * filesystem stats. 466 */ 467 int pr_fs_getsize2(char *, off_t *); 468 469 /* Similar to pr_fs_getsize2(), except that this operates on an already-opened 470 * file descriptor, rather than a path. 471 */ 472 int pr_fs_fgetsize(int, off_t *); 473 474 /* Perform access(2)-like checks on the given struct stat. */ 475 int pr_fs_have_access(struct stat *st, int mode, uid_t uid, gid_t gid, 476 array_header *suppl_gids); 477 478 /* Returns TRUE if the given path is on an NFS-mounted filesystem, FALSE 479 * if not on an NFS-mounted filesystem, and -1 if there was an error 480 * determining which (with errno set appropriately). 481 */ 482 int pr_fs_is_nfs(const char *path); 483 484 /* Provide advice/hints to the OS about what we are going to do with the 485 * given section of the opened file. 486 */ 487 void pr_fs_fadvise(int fd, off_t offset, off_t len, int advice); 488 #define PR_FS_FADVISE_NORMAL 10 489 #define PR_FS_FADVISE_RANDOM 11 490 #define PR_FS_FADVISE_SEQUENTIAL 12 491 #define PR_FS_FADVISE_WILLNEED 13 492 #define PR_FS_FADVISE_DONTNEED 14 493 #define PR_FS_FADVISE_NOREUSE 15 494 495 /* For internal use only. */ 496 int init_fs(void); 497 498 #ifdef PR_USE_DEVEL 499 void pr_fs_dump(void (*)(const char *, ...)); 500 #endif /* PR_USE_DEVEL */ 501 502 #endif /* PR_FSIO_H */ 503